1. Register a network in ZeroTier Central (my.zerotier.com) and use the Network ID when installing ZeroTier clients including Mikrotik devices. It's free for up to 25 devices for private use.
2. Enable the ZeroTier "instance". Defaults will suffice.
3. Enable the ZeroTier "interface" and specify the Network ID from #1 and the name of the interface.
4. Each new node that is added to the network must be approved using ZeroTier Central (my.zerotier.com) before it can be used.
That's all!
Here's some more helpful info about ZeroTier that you might find interesting:
- The ZeroTier interface appears under the regular "Interfaces" menu and is treated like any local Ethernet interface; it may, for example, be added to the "interface list" as LAN, etc.
- When creating a new network, ZeroTier Central automatically picks a subnet, which can be changed at any time.
- ZeroTier Central assigns static addresses from the subnet to the clients automatically. A client can be assigned multiple addresses, for example by adding them manually.
- To enable access to a single LAN or multiple site-to-site (mesh) networks, just add the subnets to Managed Routes in ZeroTier Central.
- It's possible to join and use multiple ZeroTier networks simultaneously and even route traffic between them.
- The administrative web interface called ZeroTier Central (my.zerotier.com) is a proprietary solution that runs on top of a ZeroTier controller and is operated by ZeroTier Inc. As an alternative, you may set up your own independent controller, either on the router itself (the controller is included in the ZeroTier package) or, for example, in a separate container. When running your own controller you only get JSON as an administrative interface by default. To get web-based administration, install Zero-UI, which is designed as a direct copy of the ZeroTier Central layout.
- Complex network policies can be enforced using the ZeroTier rules engine (aka Flow Rules), which is based on capability-based security and member classification tags. Rules can match on, for example, node addresses, tag IDs, different types of L2/L3 protocols, TCP/UDP ports, etc.
- Keep in mind that ZeroTier (at least in v1.10) is still single-threaded and also depends on hardware offload for AES, which hasn't been implemented on all platforms by Mikrotik (yet). Correct me if I'm wrong on this one.
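The kind of policy the Flow Rules item describes, as an added example that is not part of the original text: a rule set in ZeroTier's rules language that combines an L2 ethertype filter, TCP port matches, a classification tag and a capability. The tag name `site`, the capability name `admin`, all ids and the chosen ports are assumptions made for illustration.

```text
# Constructed example rule set for the Flow Rules editor; not from the original text.
# The tag name "site", the capability name "admin" and all ids are assumptions.

# L2 filter: allow only IPv4, ARP and IPv6 frames.
# A plain "drop" cannot be overridden by any capability.
drop
  not ethertype ipv4
  and not ethertype arp
  and not ethertype ipv6
;

# Member classification tag; the value is set per member in the controller.
tag site
  id 1
  enum 10 office
  enum 20 lab
;

# SMB only between members whose "site" tags match (difference of 0).
accept
  ipprotocol tcp
  and dport 445
  and tdiff site 0
;

# HTTPS is open to every member.
accept
  ipprotocol tcp
  and dport 443
;

# Stop all other new TCP connections (SYN without ACK).
# "break" ends the base rules but can be overridden by a capability.
break
  chr tcp_syn
  and not chr tcp_ack
;

# Capability granted to selected members only: lets them open SSH sessions.
cap admin
  id 1000
  accept ipprotocol tcp and dport 22;
;

# Everything that reached this point (ICMP, UDP, established TCP) is accepted.
accept;
```

Tag values and capabilities are assigned per member in the controller, so a newly approved node gets neither SMB nor SSH access until it is explicitly classified.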
Here are two useful articles that provide a good holistic overview of ZeroTier.
For a detailed walkthrough of ZeroTier see AMMO's eminent explanation: